Securing ssh Daemons from Brute-Force Attacks in Ubuntu

Posted by digo on February 23, 2011 Leave a comment (0) Go to comments

  • Install fail2ban:

    aptitude install fail2ban

  • Create local configuration:

    cd /etc/fail2ban && cp jail.conf jail.local

  • Edit /etc/fail2ban/jail.local and enable ssh-ddos by changing the according enable line to true

  • Restart fail2ban daemon:

    service fail2ban restart

  • Since Ubuntu version 10.04 rsyslogd is used; one of its default setting is to reduce the log output by compressing recurrent messages, which breaks the fail2ban-mechanism. Therefore, changing the following line in /etc/rsyslog.conf is vital:

    sed -i ‘s/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/’ /etc/rsyslog.conf

  • Restart fail2ban and rsyslog daemon:

    service fail2ban restart && service rsyslog restart
Linux, Security

Leave a Comment